ediverse Explorer la plateforme

À la une PEPPOL BIS Billing 3.0 L’obligation européenne d’e-invoicing arrive : France sept 2026, Belgique janv 2026, Allemagne 2025.

OASIS-SAML-2-0

OASIS SAML 2.0 SSO federated identity XML-based 2005.

Définition

SAML 2.0 key concepts : (1) Assertions : XML documents containing Authentication Statement (when + how user authenticated), Attribute Statement (user attributes name + email + groups + custom), Authorization Decision Statement (whether user authorized for resource), digitally signed by IdP. (2) Protocols : Authentication Request Protocol (SP requests authentication user IdP), Single Logout Protocol (SLO logout from all SPs), Artifact Resolution Protocol, Assertion Query and Request Protocol. (3) Bindings : transport mechanisms (HTTP Redirect Binding, HTTP POST Binding most common Web SSO, HTTP Artifact Binding, SAML SOAP Binding, etc.). (4) Profiles : combinations of assertions + protocols + bindings for specific use cases (Web Browser SSO Profile most popular, Enhanced Client or Proxy ECP Profile, Single Logout Profile, etc.). (5) Components : Identity Provider (IdP), Service Provider (SP), User Agent (browser typically), Metadata XML (describes IdP/SP capabilities + endpoints + certificates). Comparison OIDC OpenID Connect (modern alternative based OAuth 2.0 + JSON-based) : SAML SOAP-XML heavyweight + better for enterprise legacy + Browser SSO traditional, OIDC lightweight + JSON + better for mobile + modern web apps. SAML 2.0 remains dominant enterprise SSO (~70% large enterprises) due maturity + ecosystem.

Origine

SAML 1.0 OASIS Standard 2002 ; SAML 1.1 OASIS Standard 2003 ; SAML 2.0 OASIS Standard 15 mars 2005 ; ongoing maintenance OASIS SSTC.

Exemple en contexte

Salesforce.com enterprise customer uses Okta IdP for SSO into Salesforce SP via SAML 2.0 Web Browser SSO Profile : user clicks Salesforce login, Salesforce redirects browser to Okta with SAML AuthnRequest, Okta authenticates user, Okta redirects browser back to Salesforce with SAML Assertion (signed XML containing user attributes), Salesforce validates assertion + grants session.

Termes liés

Dernière mise à jour: 16 mai 2026